Recertification: 03/2018
DRACOON GmbH proved that its IT product and IT-based service “DRACOON” complies with EU data protection law. DRACOON is a web-based, virtual data space which can be used for uploads, downloads, storage, management and transmission of data. Providing the service, DRACOON GmbH processes customer data in line with EU data protection law. Users of DRACOON are controllers in respect of personal data that may be uploaded to DRACOON. They are provided with guidance on how to comply with EU data protection law in a data protection leaflet. Thus, they can be sure to comply with EU data protection law if they follow this guidance.
Product/Version
DRACOON
(previously marketed as Secure Data Space)
Version: 4. (Subversion 4.5.0) – Function as provided in January 2018
Qualification: IT product and IT-based service (processor service)
View the DRACOON V4 Certificate
Version of Certification Criteria
Cert. No.
EP-S-1W6P7H
Validity
15/03/2018 – 31/03/2020
Recertification No. 1 (SDS v3.0): June 29, 2015
Initial certification (SDS v2.1) on April 28, 2015
Monitoring
11/2018 (O.K.)
07/2019 (O.K.)
Public report
2018 Short Public Report DRACOON v4
2015 Short Public Report SDS v3
Manufacturer/Provider
DRACOON GmbH
(previously traded under the name SSP Europe GmbH)
Galgenbergstrasse 2a
93053 Regensburg
Germany
BEST
DRACOON enables users to make use of secure encryption technology at the client side. A leaflet provides users with understandable information on how to use DRACOON in a data protection compliant manner.
ATTENTION:
Data that are uploaded to a data room by the user may contain personal data and even special categories of personal data. In this respect, the users of DRACOON are controllers whereas DRACOON GmbH acts as a processor on their behalf. This means that users of DRACOON must ensure that this processing of personal data complies with all relevant requirements of EU data protection law. Users are provided with detailed information on this topic in a data protection leaflet.
Summary
DRACOON is a web-based virtual data space which can be used for uploads, downloads, storage, management and transmission of data. DRACOON is designed for B2B relationships. It is accessible via https://dracoon.team.
Depending on the individual usage scenario, data may qualify as personal data and even as special categories of personal data. Confidentiality of (personal) data can be ensured by means of encryption technology at the client side. In a data protection leaflet, DRACOON GmbH advises users to choose this option when processing personal data by means of DRACOON.
Details
Recertification 03/2018:
The following changes have been made to the ToE since the previous recertification:
- Directories can now be shared
- Introduction of a recycle bin where old versions of files can be kept
- The syslog entries can now optionally be sent to an audit system (e.g., Splunk – not part of the ToE)
- E-mail addresses can be changed by the users
- Customers’ accounts can be locked
- Favorites: Files and folders can be tagged as favorites by users for quick access
- Upload accounts can be password protected
- Upload accounts and download links (with password protection) in encrypted rooms have been enabled
- The Activity Log has been introduced, allowing authorized users to see, e.g., which new files have been added in their data rooms
- Granular rights concept and new roles
- Sending release passwords via SMS
- Drag and drop upload via the web interface
- Sending note e-mails via the web interface
The results of the re-evaluation by the EuroPriSe experts demonstrated that DRACOON meets all applicable requirements of EuroPriSe’s “GDPR-ready” criteria catalogue.
Recertification 06/2015:
SDS v3.0 introduces the following improvements:
- Implementation of JSON_REST_API Interface
- Improvement of encryption functionalities
- Improvement of provision of encrypted files
- Increased length of share links
- Improvement of authorisation concept
The following versions of SDS v3.0 are covered by the EuroPriSe certification:
- Secure Data Space Online
- Secure Data Space Dedicated
- Secure Data Space Virtual Appliance
The ToE includes:
- WebUI
- JSON_REST_API Interface
- SDS Server
- Management database
- Appropriateness of technical and organisational measures at QSC data center
- Legal interfaces (data protection relevant contracts) with QSC data center
The ToE does not include:
- The use of SDS by means of smartphones and tablets
- Mobile apps that enable users to make use of SDS
- The operational environment
- The hardware components that are located in the data center and the respective operating system
- Licensing and sales processes of SSP Europe GmbH
- The presentation of the company at https://www.ssp-europe.eu
- Any further services of SSP Europe GmbH
Technical Evaluator
Since recertification no. 2 (201803):
Alexey Testsov
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Until recertification no. 1 (201506):
Ralf von Rahden
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Legal Evaluator
Dr. Irene Karper
datenschutz cert GmbH
Konsul-Smidt-Str. 88a
28217 Bremen
Germany
Formerly Certified Versions
v3.0
v2.1